package com.teamwhole.modules.sys.security;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter {

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        // 验证码校验
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpSession session = httpServletRequest.getSession();
        String code = (String)session.getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
        String randomCode = httpServletRequest.getParameter("randomCode");
        if (code != null && randomCode != null) {
            if (!randomCode.equals(code)) {
                httpServletRequest.setAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, "randomCodeError");
                return true;
            }
        }
        return super.onAccessDenied(request, response);
    }

}
